skills/fatfingererr/macro-skills/analyze-platinum-to-brazil-equities-transmission/Gen Agent Trust Hub
analyze-platinum-to-brazil-equities-transmission
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses the
yfinancelibrary to fetch historical price data from Yahoo Finance, which is an external, non-whitelisted network source. - Evidence:
scripts/fetch_data.pycallsyf.download()to retrieve data for tickers likePL=FandEWZ. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from external financial APIs. While this creates a vulnerability surface, the processing is mathematical and does not involve executing instructions embedded in the data.
- Ingestion points:
scripts/fetch_data.py(Yahoo Finance API prices). - Boundary markers: Absent (data is processed as numeric sequences).
- Capability inventory: File writing (CSV, PNG), local subprocess execution for analysis scripts.
- Sanitization: The
yfinanceandpandaslibraries coerce the raw API response into structured numeric data, effectively stripping non-numeric content. - [DATA_EXFILTRATION] (INFO): The skill stores fetched market data in a local cache directory. No sensitive user information or credentials are accessed or transmitted.
- Evidence:
scripts/fetch_data.pysaves CSV files todata/cache/.
Audit Metadata